Computer networks may be used to communicate data between a sender and one or more receivers. The data, e.g., in the form of one or more packets, traverses paths that comprise network elements, such as nodes and links, between the sender and the receiver, generally along a computed shortest path between the sender and receiver based on one or more path metrics (e.g., cost). Often, customers may desire configuration of a private network to protect the privacy and security of their data within the private network. Sometimes, however, a customer may have multiple network locations that are distanced from one another in such a way that maintaining a private network may require substantial costs (e.g., monetary). A Virtual Private Network (VPN) is a private data network that utilizes public networks to enable communication between distanced members of the same VPN (e.g., the customer's private network). For instance, privacy may be maintained between customer networks that span the public networks (e.g., a service provider network) through the use of various tunneling protocols and security features, as will be understood by those skilled in the art.
Illustratively, a source device (sender) in one customer network may wish to send data to a destination device (receiver) in another customer network of the same VPN across the service provider (e.g., public) network. Accordingly, the source device transmits the data (traffic) to a customer edge device (CE) of the source device's customer network, which is in communication with an ingress provider edge device (PE) of the provider network. The service provider network (e.g., a “core”) transmits the traffic to an egress PE interconnected with a CE of the customer network that has the destination device, and that CE forwards the traffic toward the destination device.
Some customers desire tunnels over the paths from one CE to another CE across the provider network (“CE-CE paths”), such as for reserved bandwidth, fast convergence, fast reroute (FRR), diverse paths, etc., as will be understood by those skilled in the art. Service providers and customers may desire to have these and other benefits applied to CE-CE paths in their provider/customer network (e.g., their VPN), such as for backup data centers, voice over IP (VoIP) traffic (e.g., C4 switches to carry legacy voice traffic), etc.
Generally, the configuration for CE-CE tunnels may be agreed upon in a service contract (service level agreement, SLA) between a customer and the service provider, e.g., as applied to a particular VPN. For instance, the contract/agreement may specify a certain number of CE-CE tunnels and/or total bandwidth of those tunnels that a customer may utilize. One problem associated therewith is that it is difficult for a service provider to effectively manage (control) the number and/or total bandwidth of the CE-CE tunnels utilized by the customer where responsibility for such control is distributed across multiple nodes (PEs) of the provider network. For example, in a service provider network having such a distributed control policy, each PE is responsible for determining whether the customer may exceed the contracted number of tunnels when establishing a new tunnel. However, it is generally difficult and cumbersome for each PE to determine what tunnels have been established and/or torn down anywhere within the network; in fact, it may be sufficiently burdensome for a PE to even correctly estimate whether the customer is in excess of the contract. In other words, there remains a need for an efficient and scalable manner to manage an amount (e.g., number and/or total bandwidth) of tunnels in a computer network that utilizes a distributed control policy.